| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <784c7b40-031d-d881-26f8-e2f235cbacd9@igalia.com>
Date: Fri, 10 Nov 2017 17:48:33 +0100
From: Carlos Alberto Lopez Perez <clopez@...lia.com>
To: "webkit-gtk@...ts.webkit.org" <webkit-gtk@...ts.webkit.org>
Cc: security@...kit.org, distributor-list@...me.org,
oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: WebKitGTK+ Security Advisory WSA-2017-0009
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0009
------------------------------------------------------------------------
Date reported : November 10, 2017
Advisory ID : WSA-2017-0009
Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html
CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785,
CVE-2017-13788, CVE-2017-13791, CVE-2017-13792,
CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,
CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
CVE-2017-13803.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2017-13783
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13784
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13785
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13788
Versions affected: WebKitGTK+ before 2.18.3.
Credit to xisigr of Tencent's Xuanwu Lab (tencent.com).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13791
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13792
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13793
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Hanul Choi working with Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13794
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13795
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13796
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13798
Versions affected: WebKitGTK+ before 2.18.3.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13802
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13803
Versions affected: WebKitGTK+ before 2.18.3.
Credit to chenqin (陈钦) of Ant-financial Light-Year Security.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
November 10, 2017
Download attachment "signature.asc" of type "application/pgp-signature" (898 bytes)
Powered by blists - more mailing lists